A serious security flaw has been discovered in gay dating app Jack’d which made thousands of private photos publicly available.
Researcher Oliver Hough found the flaw which, as he told BBC News, meant that anyone with the wherewithal could look at intimate photos users thought they had posted privately on the app.
The location-based dating and hook-up app aimed at gay, bi-sexual and bi-curious men, gives users the option to post personal photos and choose precisely who they share these with, but the app’s vulnerability means that these images could potentially be seen by anyone with an internet connection.
Hough claims that despite reporting the issue to the Jack’d developer team last year, it still hasn’t been addressed.
“They acknowledged my report but then just went silent and did nothing,” Hough told BBC News. “A journalist contacted them in November and they did the same.”
Jack’d, which is available on both iOS and Android platforms, currently has over five million users in 180 countries. It was set up in 2011 by alumni from Cornell University, New York State, with the mission (as stated on its website) to help “guys look for other guys to find friendship, dates, long-term relationships and one-time intimate encounters.”
A security issue like this could well have very serious ramifications for its users, especially for those living in countries with high incidences of gay hate crime who could effectively be outed by the app.
Ironically there is a point on the site’s FAQ which gives users advice on what to do if their photos are stolen via the app.
The app’s CEO Mark Girolamo told Ars Technica that the issue would be fixed this week, and the publication has confirmed that leaks taking place via this vulnerability were now no longer possible.
SEXTECHGUIDE asked Jack’d for comment but did not receive a response ahead of publication. We’ll update here if and when the company responds.
While it’s not a good look for Jack’d, the company isn’t alone in suffering from privacy issues in the dating space – Grindr and other gay dating apps were found to be leaking user data way back in 2016, and the fallout from the Ashley Madison hack is well-known at this point.